apiVersion: v1
kind: Secret
metadata:
  name: "waiverdb-secret"
  labels:
    app: "waiverdb"
stringData:
{% if env == 'staging' %}
  flask-secret-key: "{{stg_waiverdb_secret_key}}"
  database-password: "{{stg_waiverdb_db_password}}"
{% else %}
  flask-secret-key: "{{prod_waiverdb_secret_key}}"
  database-password: "{{prod_waiverdb_db_password}}"
{% endif %}
  client_secrets.json: |-
    {"web": {
      "redirect_uris": ["https://waiverdb-waiverdb.apps.ocp{{env_suffix}}fedoraproject.org/"],
      "token_uri": "https://id{{ env_suffix }}.fedoraproject.org/openidc/Token",
      "auth_uri": "https://id{{ env_suffix }}.fedoraproject.org/openidc/Authorization",
{% if env == 'staging' %}
      "client_id": "waiverdb-stg",
      "client_secret": "{{ stg_waiverdb_oidc_secret }}",
{% else %}
      "client_id": "waiverdb",
      "client_secret": "{{ prod_waiverdb_oidc_secret }}",
{% endif %}
      "userinfo_uri": "https://id{{ env_suffix }}.fedoraproject.org/openidc/UserInfo",
      "token_introspection_uri": "https://id{{ env_suffix }}.fedoraproject.org/openidc/TokenInfo"}}
